directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: bug in initializing authenticators for AuthenticatorInterceptor
Date Tue, 16 Apr 2013 22:39:41 GMT
Le 4/16/13 8:05 PM, Wu, James C. a écrit :
> Hi,
>
> I am looking at this two method definition in the AuthenticationInterceptor.java class.
 This two method should both set to the authenticators for the interceptor to the input given
in the parameter given both are a setter.  However, the logic of method body of these two
methods are quite different. The first method just set the member variable (authenticators)
to the input parameters, while the second method will register the authenticator and strangely
enough, it does not set the member variable (authenticators) to the input parameter.
>
>     /**
>      * @param authenticators authenticators to be used by this AuthenticationInterceptor
>      */
>     public void setAuthenticators( Set<Authenticator> authenticators )
>     {
>         if ( authenticators == null )
>         {
>             this.authenticators.clear();
>         }
>         else
>         {
>             this.authenticators = authenticators;
>         }
>     }
>
>
>     /**
>      * @param authenticators authenticators to be used by this AuthenticationInterceptor
>      */
>     public void setAuthenticators( Authenticator[] authenticators )
>     {
>         if ( authenticators == null )
>         {
>             throw new IllegalArgumentException( "The given authenticators set is null"
);
>         }
>
>         this.authenticators.clear();
>         this.authenticatorsMapByType.clear();
>
>         for ( Authenticator authenticator : authenticators )
>         {
>             try
>             {
>                 register( authenticator, directoryService );
>             }
>             catch ( LdapException le )
>             {
>                 LOG.error( "Cannot register authenticator {}", authenticator );
>             }
>         }
>     }
>
>
> I traced the execution of the start of the apacheds service. During the startup of the
apacheds service, three authenticators will be created, and the setAuthenticators( Authenticator[]
authenticators ) method will be called. But due to the fact that, the member variable authenticators
is not set, when the execution gets to init method of the authenticatorinterceptor, three
new default authenticator will be created because the authenticators is null and default authenticators
are created. Now we have six authenticators. Three of them (Simple, Strong, Anonymous) created
by the setDefaultAuthenticators are in the authenticators list, the other three (Simple, Strong,
Anonymous) created by createInterceptors  in the ServiceBuilder class are in the authenticatorsMapByType
map.
>
> I am thinking this is a bug. First of all, these two methods should behave in the same
way. Second, we should not have duplicated authenticators, plus the three authenticators created
by the createInterceptors   method in the ServiceBuilder class is not properly initialized.
Their directoryService field is null.

This is clearly a wrong initialization. My understanding is that we have
stacked layers on top of layers during years, but never cleaned up the
class.

I also modified this code 8 weeks ago, I don't remember why I change it
this way (cf
http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?r1=1424688&r2=1446503&diff_format=h),
but this is clearly wrong...

It's a bit late for me to come with a better version, I'm afraid to
break the code even more, so I'll get a good night of sleep and come
back tomorrow with a clear mind.

Thanks a lot for pointing this !


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com 


Mime
View raw message